Merge pull request #11236 from ethereum/fix-allowed-paths-with-stdin

Fix stdin bypassing allowed paths
This commit is contained in:
chriseth 2021-04-19 18:03:05 +02:00 committed by GitHub
commit 8d169d3615
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 26 additions and 5 deletions

View File

@ -26,6 +26,7 @@ Compiler Features:
Bugfixes: Bugfixes:
* Antlr Grammar: Fix parsing of import paths involving properly distinguishing between empty and non-empty string literals in general. * Antlr Grammar: Fix parsing of import paths involving properly distinguishing between empty and non-empty string literals in general.
* AST Output: Fix ``kind`` field of ``ModifierInvocation`` for base constructor calls. * AST Output: Fix ``kind`` field of ``ModifierInvocation`` for base constructor calls.
* Commandline interface: Fix standard input bypassing allowed path checks.
* SMTChecker: Fix false positive and false negative on ``push`` as LHS of a compound assignment. * SMTChecker: Fix false positive and false negative on ``push`` as LHS of a compound assignment.
* SMTChecker: Fix false positive in contracts that cannot be deployed. * SMTChecker: Fix false positive in contracts that cannot be deployed.
* SMTChecker: Fix internal error on public getter returning dynamic data on older EVM versions where these are not available. * SMTChecker: Fix internal error on public getter returning dynamic data on older EVM versions where these are not available.

View File

@ -585,15 +585,15 @@ bool CommandLineInterface::readInputFilesAndConfigureRemappings()
if (eq != path.end()) if (eq != path.end())
{ {
if (auto r = ImportRemapper::parseRemapping(path)) if (auto r = ImportRemapper::parseRemapping(path))
{
m_remappings.emplace_back(std::move(*r)); m_remappings.emplace_back(std::move(*r));
path = string(eq + 1, path.end());
}
else else
{ {
serr() << "Invalid remapping: \"" << path << "\"." << endl; serr() << "Invalid remapping: \"" << path << "\"." << endl;
return false; return false;
} }
string remappingTarget(eq + 1, path.end());
m_fileReader.allowDirectory(boost::filesystem::path(remappingTarget).remove_filename());
} }
else if (path == "-") else if (path == "-")
addStdin = true; addStdin = true;
@ -628,9 +628,8 @@ bool CommandLineInterface::readInputFilesAndConfigureRemappings()
// NOTE: we ignore the FileNotFound exception as we manually check above // NOTE: we ignore the FileNotFound exception as we manually check above
m_fileReader.setSource(infile, readFileAsString(infile.string())); m_fileReader.setSource(infile, readFileAsString(infile.string()));
path = boost::filesystem::canonical(infile).string(); m_fileReader.allowDirectory(boost::filesystem::path(boost::filesystem::canonical(infile).string()).remove_filename());
} }
m_fileReader.allowDirectory(boost::filesystem::path(path).remove_filename());
} }
if (addStdin) if (addStdin)

View File

@ -0,0 +1 @@
-

View File

@ -0,0 +1,11 @@
Error: Source "too_long_line/input.sol" not found: File outside of allowed directories.
--> <stdin>:4:1:
|
4 | import "../too_long_line/input.sol";
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Error: Source "error_codes/input.sol" not found: File outside of allowed directories.
--> stdin_allowed_paths/input.sol:4:1:
|
4 | import "../error_codes/input.sol";
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

View File

@ -0,0 +1 @@
1

View File

@ -0,0 +1,4 @@
// SPDX-License-Identifier: GPL-3.0
pragma solidity >=0.0;
import "../error_codes/input.sol";

View File

@ -0,0 +1,4 @@
// SPDX-License-Identifier: GPL-3.0
pragma solidity >=0.0;
import "../too_long_line/input.sol";